Uncontrolled app sprawl erodes security, inflates costs, and forces a shift toward proactive, continuous‑discovery governance for modern enterprises.
Enterprise IT departments are confronting an unprecedented level of application sprawl, as Torii’s latest benchmark shows an average of 2,191 apps per large organization. This sheer volume overwhelms traditional governance frameworks, making it difficult for security teams to maintain visibility and control. The financial impact is stark: unused or underutilized SaaS licenses translate into millions of dollars in unnecessary spend, while the lack of oversight creates blind spots that attackers can exploit.
Artificial intelligence has become the catalyst accelerating this shadow‑IT phenomenon. Employees, eager to harness AI assistants and generative tools, are adding new applications at a pace that outstrips centralized procurement processes. The report notes that roughly 61% of discovered apps are not formally approved, and only a fraction—about 15%—are fully sanctioned. These unsanctioned tools often integrate deeply with corporate data, expanding the attack surface and increasing the likelihood of data leakage. Moreover, the rapid turnover of AI experiments means that legacy governance models, which rely on annual reviews, are no longer sufficient.
To mitigate these risks, CIOs must transition from reactive oversight to a proactive, continuous‑discovery approach. This involves deploying automated asset‑inventory solutions, enforcing policy‑as‑code, and establishing clear sandboxes for AI experimentation that balance innovation with security. By redefining the role of IT from gatekeeper to enabler, organizations can harness AI’s productivity gains while curbing the financial and security fallout of unchecked app proliferation.